{
"id": "CVE-2022-29250",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-06-09T20:15:08.267",
"lastModified": "2022-06-16T19:35:11.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in."
},
{
"lang": "es",
"value": "GLPI es un paquete de software gratuito de administraci\u00f3n de activos y TI que ofrece funciones de Service Desk de ITIL, seguimiento de licencias y auditor\u00eda de software. En versiones anteriores a 10.0.1, es posible a\u00f1adir informaci\u00f3n extra mediante inyecci\u00f3n SQL en las p\u00e1ginas de b\u00fasqueda. Para explotar esta vulnerabilidad un usuario debe estar conectado"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B6C1760F-4B01-4775-8481-D93BA28888BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:10.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "D0378AD5-BFA0-40CD-BFB5-9D9E0790E9B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E82A2E80-7C91-4147-A951-CA25E3AA1F01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "16485B8E-5550-433C-A352-BABBC22DF375"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "076C11C8-A848-43FB-8C01-E68D85015C58"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-5w33-4wrx-8hvw",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}